"Defense In Depth," as it is known, is definitely a cornerstone of best security practices. The article is not bad, but the author seems to gloss over a key point:
You need to conduct a Cost-Of-Data study to determine what your needs are, and how much you should spend on security. For example, if your data is worth $100,000, does it make sense to throw $250,000 into a security solution to protect that data? Likewise, a single security point protecting $100,000 in data may also not be a good idea.
That said, you do want to provide as many barriers as you possibly can. The key here is to make yourself look less attractive to hackers than the next site.
What if you have a shoestring budget? Here's a simple and cheap way to provide multiple barriers:
1) Use access-lists on your Internet router to only permit what is absolutely necessary. You'll be surprised how easy it is to cut down on scans and spoofing attacks simply by filtering 127.0.0.1, 20.0.0.0, 172.16.0.0, and 192.168.0.0 from coming in. Add to that only traffic that is permitted and that's a good first barrier.
2) Download the Snort IDS and place it on your Internet segment. The software is free, so all you need is a cheap PC with a bit of disk space.
3) Make the PIX your last barrier.
Now you have two layers a person must break through, and an IDS to detect anything past the first layer. Just doing this will be a step farther than 90 percent of all websites on the Internet.
Just my two cents...
